The three stages of preparing for GDPR

By: Experian

Date: 4 April 2018

The new General Data Protection Regulation (GDPR) is about building relationships and trust with customers, by being transparent regarding the collection and processing of personal data. Businesses of all sizes may be required to make changes to embed a GDPR culture, whether to their systems, processes or even roles.

To help you get to grips with what GDPR means for your business, we've identified three stages of preparation.

1. Investigate

The GDPR presents an opportunity to investigate your data management practices. This will allow risks to be exposed and potential changes identified.

During this process it's important to ask yourself:

  • Do you understand how, in a GDPR context, 'personal data' can also be business data?
  • Do you classify data types to help with identification?
  • Have data flows been mapped to identify potential risks?
  • Have these risks been documented?
  • Have third parties been reviewed and asked how they've prepared for GDPR?
  • Have you identified personal data capture points, such as online forms?
  • Are you being transparent with customers, telling them how their data will be used?

2. Improve

You should now have a view of your current processes and potential risks, which means you are in a position to improve and optimise.

Some practices to consider implementing include the following.

Introducing a 360-degree customer view

Identifying customer touchpoints will become even more important with the GDPR. One way to introduce this is by creating unique Personal Identification Numbers (PINs) for each customer to be used across all systems.

Adopting new policies and processes

Ensure your data management is in keeping with the GDPR by building your processes, policies, agreements and training around it.

Assigning resource and training

Are specific roles, such as a Data Protection Officer, required? Also, ensure your staff are up to speed with the GDPR. The Information Commissioner's Office (ICO) has a range of resources available.

3. Integrate

Creating change in your business requires more than just new policies and procedures. It requires change in the culture of your organisation so that the protection of your customers is a driving force in everything you do.

To help embed this, you should consider:

  • Introducing a responsive data breach plan, demonstrating that you value your customers' data and are prepared should the worst happen.
  • Investing in departments to ensure IT systems and employees are prepared to deal with customer requests, such as the right to be informed or to be forgotten.
  • Enhancing customer communications to integrate transparency into your brand voice and culture. Make it the norm to let customers know what you are doing with their data and why.
  • Conducting data protection impact assessments. These tools are occasionally required by the GDPR, and are good practice for identifying and resolving risks.

Sponsored post. Copyright © 2018 Experian, creators of B2B Prospector